How 2 Phish

I know I seem to be fixated on this topic, but it is Huge.

I received no fewer than three Phishing messages today looking for all the world like a message from PayPal.

 

Looking at the HTML code that performs the dirty deed:

 

 

<a
href="http://211.5212.70/.us/?cmd=_login-processing&login_cmd=_login-done&login_access=11097855"

 

onMouseOver="a('https://www.paypal.com/cgi-bin/webscr?cmd=_login-run');return true"
onMouseOut="b()">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>

For those not familiar w) HTML, everything from the initial <a to the final </.a> is the link code.

Let's break it down:

 

href="http://211.5212.70/.us/?cmd=_login-processing&login_cmd=_login-done&login_access=11097855"

 

is where you will actually go if you are foolish enough to click on the link.  (After this you won't be, will you?)

 

The two lines:

 

onMouseOver="a('https://www.paypal.com/cgi-bin/webscr?cmd=_login-run');return true"
onMouseOut="b()">https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

 

Is what makes you THINK you are being routed to PayPal.  WhereEver 211.5212.70 is, you can BET it ain't anywhere near the PayPal offices.  (Interestingly enough, this guy is an idiot, 211.5212.70 is not a valid IP address, so in this case there is no harm done.  No, I didn't change this entry, I just noticed the mistake.  Sheesh!  What a Moron!)

 

The onMouseOver and onMouseOut lines are what make you THINK you are clicking on a PayPal site. 

 

Thus, (had the numb-skull specified a legit IP address) he would have you thinking you were on PayPal while his imitation site gathers info. about your identity and your Credit Cards/Bank Accounts!

 

Don't be fooled!  For one thing BOTH eBay and PayPal make it CLEAR on their sites that they NEVER send this type of e-mail!

 

ALWAYS TYPE IN ANY ADDRESS LIKE THIS YOURSELF if you have any doubts.  Don;t follow the links, or you will be caught in the Phishing net...

 

Caveat æquoretor